Platform: azure
Component: azure-compute-resource-provider
CVE-2025-59503 describes a server-side request forgery (SSRF) vulnerability in the Azure Compute Gallery. The flaw could allow an unauthorized attacker to escalate privileges and gain control over network resources. It affects Azure Compute Gallery versions released before the fix. Microsoft is expected to release a patch to address this issue.
The SSRF vulnerability in Azure Compute Gallery presents a significant risk. An attacker exploiting this flaw could craft requests that originate from the Azure infrastructure, effectively masquerading as a trusted entity, and so bypass security controls and reach internal resources that should be protected. Successful exploitation could lead to data exfiltration, modification of configurations, or complete compromise of the affected Azure environment. The potential blast radius is substantial, covering any services or data reachable through the Azure Compute Gallery.
This vulnerability was publicly disclosed on 2025-10-23. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. No public proof-of-concept (PoC) had been released as of this writing, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for any indication of active exploitation. The vulnerability is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.20% (41st percentile)
While a patch is pending, several mitigation steps can be taken to reduce the risk. First, implement strict network segmentation to isolate the Azure Compute Gallery from sensitive resources. Restrict outbound network traffic from the gallery to only necessary destinations. Employ Azure Network Security Groups (NSGs) to control inbound and outbound traffic flows. Regularly review and audit access controls to ensure least privilege principles are enforced. Consider using Azure Policy to enforce these configurations across your environment. After the patch is released, upgrade to the fixed version and verify the vulnerability is resolved by attempting a controlled SSRF request.
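The outbound-restriction and audit steps above can be checked mechanically. The following is an added example, not code from the advisory or from Microsoft: it evaluates an NSG's outbound rules the way the platform does (lowest priority number first, first match wins) and reports whether traffic to arbitrary Internet addresses is allowed. The NSG documents are constructed and only mimic the securityRules / defaultSecurityRules shape of `az network nsg show` output; only the singular destinationAddressPrefix field is examined.

```python
# Added audit example (not from the advisory or Microsoft). Assumed input shape:
# the securityRules / defaultSecurityRules objects returned by `az network nsg show`.

def rule(name, priority, access, dst, ports="*"):
    """Build an outbound rule object carrying only the fields the audit relies on."""
    return {"name": name, "priority": priority, "direction": "Outbound",
            "access": access, "protocol": "*",
            "destinationAddressPrefix": dst, "destinationPortRange": ports}

# Azure's built-in outbound defaults: VNet and Internet allowed, everything else denied.
DEFAULT_OUTBOUND = [
    rule("AllowVnetOutBound", 65000, "Allow", "VirtualNetwork"),
    rule("AllowInternetOutBound", 65001, "Allow", "Internet"),
    rule("DenyAllOutBound", 65500, "Deny", "*"),
]

def make_nsg(name, custom_rules):
    """Constructed NSG document mimicking `az network nsg show` output."""
    return {"name": name, "securityRules": custom_rules,
            "defaultSecurityRules": DEFAULT_OUTBOUND}

# Weak: a blanket allow at priority 100 shadows the defaults entirely.
WEAK_NSG = make_nsg("gallery-nsg-weak", [rule("AllowAllEgress", 100, "Allow", "*")])

# Hardened: one constructed endpoint range (RFC 5737 space) on 443, then an explicit
# Internet deny placed ahead of the default AllowInternetOutBound rule.
HARDENED_NSG = make_nsg("gallery-nsg-hardened", [
    rule("AllowUpdateEndpoint", 100, "Allow", "203.0.113.0/24", "443"),
    rule("DenyInternetEgress", 200, "Deny", "Internet"),
])

INTERNET_PREFIXES = {"*", "Internet"}  # prefixes that match any Internet destination

def outbound_rules(nsg):
    """Custom and default outbound rules in evaluation order (lowest number first)."""
    rules = nsg.get("securityRules", []) + nsg.get("defaultSecurityRules", [])
    return sorted((r for r in rules if r["direction"] == "Outbound"),
                  key=lambda r: r["priority"])

def effective_internet_rule(nsg):
    """First rule matching a packet bound for an arbitrary Internet address."""
    for r in outbound_rules(nsg):
        if r["destinationAddressPrefix"] in INTERNET_PREFIXES:
            return r
    return None

def audit_egress(nsg):
    """Return findings as strings; an empty list means Internet egress is denied."""
    r = effective_internet_rule(nsg)
    if r is None or r["access"] == "Deny":
        return []
    return [f"{nsg['name']}: '{r['name']}' (priority {r['priority']}) allows egress "
            f"to {r['destinationAddressPrefix']} on ports {r['destinationPortRange']}"]
```

Run `audit_egress` over every NSG attached to the gallery's subnets; an unchanged default NSG is itself reported, because AllowInternetOutBound at 65001 permits egress unless a lower-numbered Deny precedes it.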
Update the Azure Compute Resource Provider to the latest version available from Microsoft. This will mitigate the SSRF vulnerability and prevent unauthorized privilege escalation. Refer to the Microsoft advisory for detailed update instructions.
CVE-2025-59503 is a critical server-side request forgery (SSRF) vulnerability in Azure Compute Gallery that allows unauthorized privilege escalation over a network.
If you are using Azure Compute Gallery and have not upgraded to the patched version (once released), you are potentially affected by this vulnerability.
Upgrade to the patched version of Azure Compute Gallery as soon as it becomes available. Implement network segmentation and restrict outbound traffic as interim mitigations.
While no active exploitation has been confirmed, the high CVSS score and SSRF nature of the vulnerability suggest a high likelihood of exploitation.
Refer to the official Microsoft Security Response Center (MSRC) advisory for CVE-2025-59503 when it is published.